This presentation shows you how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. It also touches on best practices for securing a REST API and using SSL.

3.
Why am I here?
Purpose
To explore Java webapp security options and encourage you to be a security expert
Goals
Show how to implement Java webapp security
Show how to penetrate a Java webapp
Show how to fix vulnerabilities

4.
What about YOU?
Why are you here?
Do you care about Security?
Have you used Java EE 7, Spring Security or Apache Shiro?
What do you want to get from this talk?

28.
Testing with SSL
Cargo doesn’t support HTTP and HTTPS at the same time
Jetty and Tomcat plugins work for both
Pass javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword to maven-failsafe-plugin as <systemPropertyVariables>
Learn more: http://raibledesigns.com/rd/entry/integration_testing_with_http_https
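
An added example (not from the original slides) of the maven-failsafe-plugin configuration this slide describes. The truststore path and the test.truststore.password property are assumptions made for illustration.

```xml
<!-- pom.xml fragment: added example, not from the original slides -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-failsafe-plugin</artifactId>
  <!-- version omitted here; pin one in pluginManagement -->
  <configuration>
    <systemPropertyVariables>
      <!-- Assumed path: a test-only truststore holding the
           development server's self-signed certificate -->
      <javax.net.ssl.trustStore>${project.build.directory}/test-truststore.jks</javax.net.ssl.trustStore>
      <!-- Hypothetical property; pass it on the command line with
           -Dtest.truststore.password=... instead of committing it -->
      <javax.net.ssl.trustStorePassword>${test.truststore.password}</javax.net.ssl.trustStorePassword>
    </systemPropertyVariables>
  </configuration>
  <executions>
    <execution>
      <goals>
        <!-- Run the integration tests, then fail the build on errors -->
        <goal>integration-test</goal>
        <goal>verify</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

Because the properties are set only in the JVM that failsafe forks for the tests, the self-signed certificate never has to be imported into the JDK's default cacerts, and the HTTPS tests still validate the server certificate instead of disabling verification.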

53.
Remember...
“Security is a quality, and as all other quality, it is important that we build it into our apps while we are developing them, not patching it on afterwards like many people do.”
-- Erlend Oftedal
From a comment on raibledesigns.com: http://bit.ly/mjufjR